Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

InstaWP — Vulnerabilities & Security Advisories 18

Browse all 18 CVE security advisories affecting InstaWP. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products InstaWP:InstaWP ConnectInstaWP Connect – 1-click WP Staging & MigrationString locator
CVE IDTitleCVSSSeverityPaused
CVE-2026-39504 WordPress InstaWP Connect plugin <= 0.1.2.5 - Broken Access Control vulnerability — InstaWP ConnectCWE-862 9.1AICriticalAI2026-04-08
CVE-2025-66068 WordPress InstaWP Connect plugin <= 0.1.1.9 - Broken Access Control vulnerability — InstaWP ConnectCWE-862 6.5 Medium2025-12-18
CVE-2025-2636 InstaWP Connect <= 0.1.0.85 - Unauthenticated Local PHP File Inclusion — InstaWP Connect – 1-click WP Staging & MigrationCWE-22 8.1 High2025-04-11
CVE-2025-31387 WordPress InstaWP Connect plugin <= 0.1.0.82 - Local File Inclusion vulnerability — InstaWP ConnectCWE-98 7.5 High2025-03-31
CVE-2024-13913 InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.83 - Cross-Site Request Forgery to Local File Inclusion — InstaWP Connect – 1-click WP Staging & MigrationCWE-352 8.8 High2025-03-14
CVE-2024-10936 String Locator <= 2.6.6 - Unauthenticated PHP Object Injection — String locatorCWE-502 8.8 High2025-01-21
CVE-2023-6987 String Locator <= 2.6.5 - Reflected Cross-Site Scripting — String locatorCWE-79 6.1 Medium2024-08-24
CVE-2024-6397 InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.44 - Authentication Bypass to Admin — InstaWP Connect – 1-click WP Staging & MigrationCWE-288 9.8 Critical2024-07-11
CVE-2024-37228 WordPress InstaWP Connect plugin <= 0.1.0.38 - Arbitrary File Upload vulnerability — InstaWP ConnectCWE-434 10.0 Critical2024-06-24
CVE-2024-4898 InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.38 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation — InstaWP Connect – 1-click WP Staging & MigrationCWE-862 9.8 Critical2024-06-12
CVE-2024-32701 WordPress InstaWP Connect plugin <= 0.1.0.24 - Broken Access Control vulnerability — InstaWP ConnectCWE-862 4.3 Medium2024-06-09
CVE-2024-22145 WordPress InstaWP Connect plugin <= 0.1.0.8 - Arbitrary Option Update to Privilege Escalation vulnerability — InstaWP ConnectCWE-266 8.8 High2024-05-17
CVE-2024-2667 InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.22 - Unauthenticated Arbitrary File Upload — InstaWP Connect – 1-click WP Staging & MigrationCWE-434 9.8 Critical2024-05-02
CVE-2024-25918 WordPress InstaWP Connect plugin <= 0.1.0.8 - Remote Code Execution vulnerability — InstaWP ConnectCWE-94 8.8 -2024-04-03
CVE-2024-23507 WordPress InstaWP Connect plugin <= 0.1.0.9 - SQL Injection vulnerability — InstaWP ConnectCWE-89 8.5 High2024-01-31
CVE-2024-23506 WordPress InstaWP Connect plugin <= 0.1.0.9 - Sensitive Data Exposure vulnerability — InstaWP ConnectCWE-201 7.7 High2024-01-26
CVE-2023-3956 InstaWP Connect <= 0.0.9.18 - Missing Authorization to Unauthenticated Post/Taxonomy/User Add/Change/Delete, Customizer Setting Change, Plugin Installation/Activation/Deactication via events_receiver — InstaWP Connect – 1-click WP Staging & MigrationCWE-862 9.8 Critical2023-07-27
CVE-2022-2434 String Locator <= 2.5.0 - Cross-Site Request Forgery to PHAR Deserialization — String locatorCWE-502 8.8 High2022-09-06

This page lists every published CVE security advisory associated with InstaWP. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.